Blogs

Events

Stories

Attention: RHN Hosted will reach the end of its service life on July 31, 2017.
Customers will be required to migrate existing systems to Red Hat Subscription Management prior to this date.
Learn more here

Details

Updated kernel-rt packages that fix several security issues and two bugsare now available for Red Hat Enterprise MRG 2.0.

The Red Hat Security Response Team has rated this update as havingimportant security impact. Common Vulnerability Scoring System (CVSS) basescores, which give detailed severity ratings, are available for eachvulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linuxoperating system.

This update fixes the following security issues:

* A malicious CIFS (Common Internet File System) server could send aspecially-crafted response to a directory read request that would result ina denial of service or privilege escalation on a system that has a CIFSshare mounted. (CVE-2011-3191, Important)

* The way fragmented IPv6 UDP datagrams over the bridge with UDPFragmentation Offload (UFO) functionality on were handled could allow aremote attacker to cause a denial of service. (CVE-2011-4326, Important)

* GRO (Generic Receive Offload) fields could be left in an inconsistentstate. An attacker on the local network could use this flaw to cause adenial of service. GRO is enabled by default in all network drivers thatsupport it. (CVE-2011-2723, Moderate)

* A flaw in the FUSE (Filesystem in Userspace) implementation could allowa local user in the fuse group who has access to mount a FUSE file systemto cause a denial of service. (CVE-2011-3353, Moderate)

* A flaw in the b43 driver. If a system had an active wireless interfacethat uses the b43 driver, an attacker able to send a specially-craftedframe to that interface could cause a denial of service. (CVE-2011-3359,Moderate)

* A flaw in the way CIFS shares with DFS referrals at their root werehandled could allow an attacker on the local network, who is able to deploya malicious CIFS server, to create a CIFS network share that, when mounted,would cause the client system to crash. (CVE-2011-3363, Moderate)

* A flaw in the m_stop() implementation could allow a local, unprivilegeduser to trigger a denial of service. (CVE-2011-3637, Moderate)

* Flaws in ghash_update() and ghash_final() could allow a local,unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)

* A flaw in the key management facility could allow a local, unprivilegeduser to cause a denial of service via the keyctl utility. (CVE-2011-4110,Moderate)

* A flaw in the Journaling Block Device (JBD) could allow a local attackerto crash the system by mounting a specially-crafted ext3 or ext4 disk.(CVE-2011-4132, Moderate)

* A flaw in the way memory containing security-related data was handled intpm_read() could allow a local, unprivileged user to read the results of apreviously run TPM command. (CVE-2011-1162, Low)

* I/O statistics from the taskstats subsystem could be read without anyrestrictions, which could allow a local, unprivileged user to gatherconfidential information, such as the length of a password used in aprocess. (CVE-2011-2494, Low)

* Flaws in tpacket_rcv() and packet_recvmsg() could allow a local,unprivileged user to leak information to user-space. (CVE-2011-2898, Low)

To install kernel packages manually, use "rpm -ivh [package]". Do notuse "rpm -Uvh" as that will remove the running kernel binaries fromyour system. You may use "rpm -e" to remove old kernels afterdetermining that the new kernel functions properly on your system.